[AusNOG] AusCERT Week in Review - Week Ending 15/08/2008 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Aug 15 16:08:48 EST 2008
AusCERT Week in Review
15 August 2008
Greetings,

I am sure you are all expecting me to mention something about Microsoft
and how you should patch your systems now. And then I would go on to say
how you should patch all systems with patches as soon as you can. After
all I am a good little security professional.

If you were thinking that then you would be half right. I would definitely
recommend patching the Microsoft products. However yesterday you may have
seen the "VMware ESX and ESXi Update 2 patch causing error" bulletin we
sent. If you didn't read it - basically it caused virtual machines to
refuse to power on.

So if you can't patch, and you can't not patch, what do you do? Well
testing before deployment is one option. You probably won't be able to test
everything, but hopefully it will uncover bugs (like not being able to
boot any of your virtual machines) that you would like to avoid introducing
into a production environment.

In other news, Symantec Veritas Storage Foundation for Windows has a remote
SYSTEM compromise, so you may want to check any systems you run that on
are not accessible on TCP port 4888, or apply the patch (after testing of
course).

Richard
AusCERT in the Media:
---------------------
Hackers launch attacks on Georgian sites
Ninemsn, Australia
Aug 10, 2008
http://news.ninemsn.com.au/article.aspx?id=612436
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0133 -- [Win][UNIX/Linux] -- Multiple Vulnerabilities Reported
in Horde Applications
Date: 15 August 2008
URL: http://www.auscert.org.au/9462
Title: AA-2008.0172 -- [Win][UNIX/Linux] -- New release of Joomla! to correct
a possible administrator compromise vulnerability
Date: 15 August 2008
URL: http://www.auscert.org.au/9727
Title: AL-2008.0091 -- [Win] -- Symantec Veritas Storage Foundation Scheduler
Service NULL Session Authentication Bypass Vulnerability
Date: 15 August 2008
URL: http://www.auscert.org.au/9729
Title: AU-2008.0018 -- AusCERT Update - [VMware ESX] - VMware ESX/ESXi 3.5
Update 2 patch causing error
Date: 14 August 2008
URL: http://www.auscert.org.au/9720
Title: AL-2008.0085 -- [Win] -- MS08-041 - Vulnerability in the ActiveX
Control for the Snapshot Viewer for Microsoft Access Could Allow Remote
Code Execution
Date: 13 August 2008
URL: http://www.auscert.org.au/9701
Title: AL-2008.0086 -- [Win][OSX] -- MS08-043 - Vulnerabilities in Microsoft
Excel Could Allow Remote Code Execution
Date: 13 August 2008
URL: http://www.auscert.org.au/9702
Title: AL-2008.0087 -- [Win] -- MS08-044 - Vulnerabilities in Microsoft Office
Filters Could Allow Remote Code Execution
Date: 13 August 2008
URL: http://www.auscert.org.au/9703
Title: AL-2008.0088 -- [Win] -- MS08-045 - Cumulative Security Update for
Internet Explorer
Date: 13 August 2008
URL: http://www.auscert.org.au/9704
Title: AL-2008.0089 -- [Win] -- MS08-046 - Vulnerability in Microsoft Windows
Image Color Management System Could Allow Remote Code Execution
Date: 13 August 2008
URL: http://www.auscert.org.au/9705
Title: AL-2008.0090 -- [Win][OSX] -- MS08-051 - Vulnerabilities in Microsoft
PowerPoint Could Allow Remote Code Execution
Date: 13 August 2008
URL: http://www.auscert.org.au/9706
Title: AA-2008.0169 -- [Win] -- Webex Meeting Manager ActiveX control
vulnerability
Date: 12 August 2008
URL: http://www.auscert.org.au/9689
Title: AL-2008.0084 -- [Win] -- Microsoft Bulletin Notification - August
Prerelease Announcement
Date: 12 August 2008
URL: http://www.auscert.org.au/9696
Title: AA-2008.0171 -- [Win] -- A vulnerability has been found in the Cygwin
setup.exe program
Date: 12 August 2008
URL: http://www.auscert.org.au/9700
Title: AA-2008.0170 -- [Linux] -- A vulnerability in the Linux Kernel uvcvideo
format descriptor parsing may allow code execution
Date: 11 August 2008
URL: http://www.auscert.org.au/9693
External Security Bulletins:
----------------------------
Title: ESB-2008.0811 -- [RedHat] -- Moderate: yum-rhn-plugin security update
Date: 15 August 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9730
Title: ESB-2008.0810 -- [UNIX/Linux][RedHat] -- Moderate: postfix security
update
Date: 15 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9728
Title: ESB-2008.0809 -- [Win][UNIX/Linux] -- Directory Traversal vulnerability
in Bugzilla
Date: 14 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9726
Title: ESB-2008.0808 -- [Win][Linux][HP-UX][Solaris] -- A Security
Vulnerability in the ftp Subsystem of Sun Java System Web Proxy Server
4.0 May Lead to a Denial of Service (DoS)
Date: 14 August 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, Windows
Vista
URL: http://www.auscert.org.au/9725
Title: ESB-2008.0807 -- [Win] -- Two vulnerabilities in CA HIPS kmxfw.sys and
CA HIPS kmxfw.sys
Date: 14 August 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9724
Title: ESB-2008.0806 -- [Win][UNIX/Linux] -- ClamAV denial of service
vulnerability
Date: 14 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9723
Title: ESB-2008.0805 -- [Win][UNIX/Linux] -- Multiple vulnerabilities and
weaknesses were discovered in Drupal
Date: 14 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9722
Title: ESB-2008.0804 -- [HP Tru64 UNIX] -- HP Tru64 UNIX running BIND, Remote
DNS Cache Poisoning
Date: 14 August 2008
OS: HP Tru64 UNIX
URL: http://www.auscert.org.au/9721
Title: ESB-2008.0803 -- [RedHat] -- Multiple Red Hat Network Satellite Server
and Satellite Server client security updates
Date: 14 August 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9719
Title: ESB-2008.0802 -- [RedHat] -- Low: Red Hat Network Satellite Server
security update
Date: 14 August 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9718
Title: ESB-2008.0801 -- [RedHat] -- Low: Red Hat Network Proxy Server security
update
Date: 14 August 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9717
Title: ESB-2008.0800 -- [Solaris] -- A Security Vulnerability in Solaris 10
involving the sendfilev() system call could result in Denial of Service
(DoS) due to System Panic
Date: 15 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9716
Title: ESB-2008.0799 -- [HP-UX] -- HP-UX Running ftpd, Remote Privileged
Access
Date: 13 August 2008
OS: HP-UX
URL: http://www.auscert.org.au/9715
Title: ESB-2008.0798 -- [RedHat] -- Moderate: hplip security update
Date: 13 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9714
Title: ESB-2008.0797 -- [VMware ESX] -- Updated ESX packages for OpenSSL,
net-snmp, perl
Date: 13 August 2008
OS: Virtualisation
URL: http://www.auscert.org.au/9713
Title: ESB-2008.0796 -- [Win] -- Updated VirtualCenter addresses User Account
Disclosure Vulnerability
Date: 13 August 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9712
Title: ESB-2008.0795 -- [Win] -- MS08-050 - Vulnerability in Windows Messenger
Could Allow Information Disclosure
Date: 13 August 2008
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/9711
Title: ESB-2008.0794 -- [Win] -- MS08-049 - Vulnerabilities in Event System
Could Allow Remote Code Execution
Date: 13 August 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9710
Title: ESB-2008.0793 -- [Win] -- MS08-048 - Security Update for Outlook
Express and Windows Mail
Date: 13 August 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9709
Title: ESB-2008.0792 -- [Win] -- MS08-047 - Vulnerability in IPsec Policy
Processing Could Allow Information Disclosure
Date: 13 August 2008
OS: Server 2008, Windows Vista
URL: http://www.auscert.org.au/9708
Title: ESB-2008.0791 -- [Win] -- MS08-042 - Vulnerability in Microsoft Word
Could Allow Remote Code Execution
Date: 13 August 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9707
Title: ESB-2008.0790 -- [Win] -- Trend Micro OfficeScan ActiveX Buffer
Overflow Issue
Date: 12 August 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9699
Title: ESB-2008.0789 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in Ruby
Date: 15 August 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9698
Title: ESB-2008.0788 -- [Win] -- Presenter 7 update available to address
potential Cross-site Scripting issues
Date: 12 August 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9697
Title: ESB-2008.0787 -- [RedHat] -- Moderate: dnsmasq security update
Date: 12 August 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9695
Title: ESB-2008.0786 -- [Win][UNIX/Linux][RedHat] -- Moderate: condor security
and bug fix update
Date: 12 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9694
Title: ESB-2008.0785 -- [Solaris] -- Security Vulnerability in Solaris Trusted
Extensions Labeled Networking may lead to remote unauthorized access to
the Global Zone (zones(5)) of the System
Date: 11 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9692
Title: ESB-2008.0784 -- [Win][UNIX/Linux] -- New PowerDNS packages reduce DNS
spoofing risk
Date: 11 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9691
Title: ESB-2008.0782 -- [Solaris] -- Security Vulnerability in Firmware for
Netra T5220 Systems May Allow a Denial of Service (DoS)
Date: 11 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9686
Title: ESB-2008.0781 -- [Solaris] -- Security Vulnerabilities in the Solaris
Priority Inherited pthread mutex API May Result in a Denial of Service
(DoS) Condition
Date: 11 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9685
Title: ESB-2008.0770 -- [Solaris] -- Multiple Security Vulnerabilities in the
Adobe Reader may lead to Execution of Arbitrary Code and Overwrite
Arbitrary Files
Date: 11 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9671
Title: ESB-2008.0747 -- [VMware ESX] -- Updated ESX packages address several
security issues
Date: 15 August 2008
OS: Virtualisation
URL: http://www.auscert.org.au/9645
Title: ESB-2008.0715 -- [HP-UX] -- HP-UX Running BIND, Remote DNS Cache
Poisoning
Date: 11 August 2008
OS: HP-UX
URL: http://www.auscert.org.au/9601
Title: ESB-2008.0684 -- [Solaris] -- Solaris BIND - Security Vulnerability in
the DNS Protocol may lead to DNS Cache Poisoning
Date: 11 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9560
Title: ESB-2008.0637 -- [Solaris] -- Multiple Security Vulnerabilities in the
FreeType2 library for Printer Font Binary (PFB) or TrueType Font (TTF)
format font files may lead to a Denial of Service (DoS) or allow
Execution of Arbitrary Code
Date: 15 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9489
Title: ESB-2008.0623 -- [VMware ESX] -- Updated Tomcat and Java JRE packages
for VMware ESX 3.5
Date: 15 August 2008
OS: Virtualisation
URL: http://www.auscert.org.au/9463
Title: ESB-2008.0569 -- [Solaris] -- A Security Vulnerability in the Solaris
crontab(1) utility may allow execution of Arbitrary Code
Date: 11 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9381
Title: ESB-2008.0203 -- [Solaris] -- Security Vulnerability in Solaris 10 Perl
5.8
Date: 11 August 2008
OS: Solaris
URL: http://www.auscert.org.au/8865
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================